Check out Port based security and User based VLANs. With 802.1X, it's actually simple to change the VLAN a port is in based on AAA parameters returned from the Authentication server.
According to the white paper on CCO this relies more on port based authentication and policy settings than on stateful inspection of the traffic flows across the router.
This system uses a piece of code called the "Cisco Security Agent", in standalone, or as part of certain AV software, to check the configuration of the pc, prior to authenticating to the switch, for access to the network. Port authentication is already available today, so this is a natural extension of the 802.1X technology.
Once the 802.1X negotiation is started, credentials are exchanged (username/password, certificates, et al) and a AAA server is queried for authentication, and authorization as well as security policies to determine if the client machine has an organization approved config - i.e. proper patch levels, current AV software, etc.
Depending on the outcome of this negotiation, the port access can be denied, put into an unsecure vlan, put into a remediation vlan, or put into a 'secure' vlan.
This is more of a technology to allow enterprises to ensure security via better control of desktop system configs than anything else.
Most of the posts I've seen on here seem to take the angle that they're looking for individual credentials. That's not what I get from the question.
Credentialing a partner (a business) should have a broader scope than having so many of this certification or that on staff. In my mind, at least, a partner would be required to spend x dollars a year keeping their internal training facilities current.
They would also maintain legacy hardware for probably three to five years after production ends. This would allow them to maintain currency on not only current hardware, but legacy equipment that might still be in use, or that a client might demand be used.
All people associated with delivering service to the customer would not only be required to spend some amount of time in the partner's training facility (4 weeks annually? - internal training or external), but would be required to spend 2 or more weeks a year in training that relates to business. This business training would, preferably, be in the partner's vertical market space so that the person delivering the service can better understand the customer's business.
I would also expect any top level partners to regularly participate in the Linux community, preferably as sponsors or contributors. If the partner has more of a stake in the community, they'll work harder to make the community successful while making themselves successful.
I'd also require some method of polling the partner's customers to determine the quality of service delivered to the customers. Include some method of penalizing bad service and rewarding outstanding service.
I'd also randomly poll the employees of those partners about their impression of the quality of service delivered to the customer, and also about the environment they work in. People that aren't enjoying themselves tend to provide lower quality products.
At any rate, that's what immediately comes to mind. I'm sure I could come up with more given more time.
I've done several of these. For $185/hr, I'll help you do yours:)
That said, even on this small a scale, you should have an environmental and electrical engineer involved already. More than likely they're going to be pushing you towards a facility UPS, Dedicated AC, and diesel/natural gas generator.
My best advice, if you can't make these calculations yourself, is to LISTEN TO THEM! Let them worry about power factors, UPS load, powerline harmonics, Thermal outputs, etc. That's what they get paid to do.
Alternatively, contract someone like me in to do it for you. Of course, I'll do the same things you could do, and probably use the same engineers you should, but give you the privilege of paying me to do the job so you can concentrate on things you know how to do and are important to your business.
They are required to give things that 911 uptime by law, if memory serves.
Actually, this is a good thing. As long as cable, or the Internet in general has no such legal requirements, wireline voice will always have a place. In some places, wireline voice is already called lifeline voice.
A lot of people get upset when they see the charges for 911 service on their monthly bills. I doubt many realize the effort required to keep 911 working and current, both on the telcos' and local government's parts.
I wouldn't hold my breath for Nov 24th. There's a significant number of technical issues that have yet to be worked out, that the FCC has conveniently ignored.
Can the wireless carriers implement number portability? Yes... Will it break a bunch of stuff if they do? Yes again.
One of the most significant things that still has to be addressed is exactly how, who, and when the PSAP databases get updated. For those of you not up on telco terminology, the PSAP database is what 911 uses to locate you by your caller-id info.
Of course, the major issue with the carriers has to do with increased billing costs. Each carrier (wirelines and wireless) has their areas divided into rate centers. These are typically, but not always, associated with NPA-NXX numbers. Visit NANPA for more info on NPA-NXX.
Moving numbers between carriers will mess with the rate centers severely, for awhile anyway, and cause much confusion between carriers in relation to call termination charges, etc.
That said, if you were using a Cisco 2600 or 3700 series router, it would be a simple thing to slip in a WIC-1-AM, which is a one port analog modem. This modem can provide simple console access, handle PPP, dial-backup, callback, and probably several other neat things. You can implement authentication based on local accounts, or on authentication servers (tacacs/radius).
I've got about 200 of these deployed around the U.S. and they have been a major life saver many times when we've needed to trouble a circuit or router, or even to do bandwidth (port) upgrades. I no longer have to have my team travel around the country to install network modules or WIC cards. We can have an office technician on the phone and walk them through power down, removal, and re-insertion of most hardware, without having to give anyone else console access.
You have to consider each piece individually. Trusted users are one component, Untrusted users that still need access to internal resources are a component, Untrusted users that need access to public (Internet) resources, and third party connections (VPN or hardline).
In reality, you should have very few trusted users, mostly sysadmin types that need all access, and these folks should be authenticating to something every time they need to use an all access connection. Most users should be untrusted, and as such I would consider using something like an SSL VPN/Reverse Application proxy cluster.
The untrusted user's connection would terminate on the SSL device and the SSL device would initiate the internal connection. This would help remove the risk of infection, among other things. This SSL device would be located in a DMZ network (between two firewalls) so that only the SSL device had access to the internal network, and only on ports that you specify based on applications you publish. There are some devices on the market that will allow you to initiate a Windows Terminal Services session, or even an X session with an internal host, adding another layer of security (also complexity, latency, etc).
Third Party connections should have a DMZ of their own. VPN connections should be terminated on devices between two firewalls (consider it a b2b dmz) to allow access only to resources absolutely critical to that partner.
And of course, for "Public Resources", or those generally accepted to be accessible by anyone from the Internet, you need to construct a dmz arrangement. Allow from the Internet the ports required to provide the service being published (http/https only, for example), and only to hosts in the dmz. Generally, try to construct applications on a push/pull basis so that all connections between dmz hosts and internal hosts are initiated by the internal hosts.
If you do this, use a general attitude of deny any any unless there's a damn good business case, and pay attention to patches, updates, etc. you should be ok.
I don't know how things work in your neck of the woods, but here all I had to do was threaten to take my business to another provider because the ISP in question had not bothered to even attempt to filter the 92 byte ICMP echo requests coming from the Internet into their own network.
Most pings are not 92 bytes exactly. The pings this virus sends out are 92 bytes with a payload of 'AA' repeated to pad it out to 92 bytes.
Your mileage may vary, though, as I have several thousands of dollars monthly worth of leverage.
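The size-plus-payload signature described in this comment, written as a packet check (an added example, not code from the comment's author or the ISP). It assumes "92 bytes" means the IPv4 total length and reads 'AA' as either the byte 0xAA or ASCII 'A'; the sample packets and addresses are constructed.

```python
import struct

ECHO_REQUEST = 8
ECHO_REPLY = 0
SUSPECT_TOTAL_LEN = 92       # assumption: "92 bytes" is the IPv4 total length
FILLER_BYTES = (0xAA, 0x41)  # assumption: 'AA' is byte 0xAA or ASCII 'A'


def checksum(data: bytes) -> int:
    """Internet checksum (one's complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(payload: bytes, icmp_type: int = ECHO_REQUEST) -> bytes:
    """Build a constructed IPv4/ICMP packet (documentation addresses) for testing."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + icmp


def parse_icmp(packet: bytes):
    """Return (total_len, icmp_type, payload) for an unfragmented IPv4 ICMP packet."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        return None
    if total_len < ihl + 8 or len(packet) < total_len:
        return None                       # truncated or too short for ICMP
    if packet[9] != 1:                    # IP protocol 1 = ICMP
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # non-first fragment: no ICMP header
    icmp = packet[ihl:total_len]
    return total_len, icmp[0], icmp[8:]


def is_suspect_ping(packet: bytes) -> bool:
    """True for an echo request of the suspect size with a single-byte filler."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return False
    total_len, icmp_type, payload = parsed
    if icmp_type != ECHO_REQUEST or total_len != SUSPECT_TOTAL_LEN:
        return False
    # Size alone also matches ordinary pings sent with a 64-byte payload,
    # so require the uniform filler before flagging.
    return len(set(payload)) == 1 and payload[0] in FILLER_BYTES


def scan(packets):
    """Return the indexes of packets that match the signature."""
    return [i for i, pkt in enumerate(packets) if is_suspect_ping(pkt)]


# Constructed samples: 20-byte IP header + 8-byte ICMP header + payload.
SAMPLES = [
    build_icmp(b"\xaa" * 64),                        # 92 bytes, 0xAA filler
    build_icmp(b"abcdefghijklmnopqrstuvwabcdefghi"),  # 60 bytes, ordinary ping
    build_icmp(bytes(range(64))),                    # 92 bytes, varied payload
    build_icmp(b"\xaa" * 64, ECHO_REPLY),            # 92 bytes, but a reply
    build_icmp(b"\xaa" * 56),                        # 84 bytes, wrong size
]

if __name__ == "__main__":
    print("flagged sample indexes:", scan(SAMPLES))
```

Matching on length alone would also flag the third sample, which is why the check looks at the payload as well.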
Short answer is that it depends.
Are you going to learn morse code? It's not required for a license anymore, but a QRP (low power) rig on 40 meters can work hundreds or thousands of miles with a decent antenna if the atmosphere is right. QRP rigs can be extremely small and light, too.
Yaesu has the FT-817 all-mode all-band radio that comes in at about 1.2kg (just more than 2.5lbs) including the antenna and battery. It's about 5"x6"x2" as I recall, with about 5W max output. It definitely gives you options.
Semper Fi, Jarhead.
I got out in '93, mainly because I was tired of working two extra jobs plus keeping up with everything with the Corps, just to support my family. I was a Cpl at the time, living in base housing, with one kid, one car, one wife, and not much else. As I recall, my total gross from my military pay was right at 13K that year. I made almost that much working part time at McD's that year.
I got out and took a job with a defense contractor doing the same thing I was doing in the Corps (TMDE repair/calibration), and immediately was grossing more than 25K.
While I was in, everyone I knew below the rank of Gunny or SSgt, and had a family was on food stamps and WIC.
And for the other poster commenting on the tricked out cars and crap he saw on the air force base... Stop and think... There's not many places to spend money when you're deployed to a combat zone. I suspect most of those 'kids' you saw that you thought were right outta boot have been to the sandbox and back.
Also, for your further education, the military doesn't pay all your expenses as an enlisted man... at least not when I was in the Corps. No one drew a pay check for the entire 12 weeks of boot camp, but when we got our initial pay, we took that $900 check they gave us, and spent most of it paying for our uniforms, our PX bill, and our travel to take our 10 day leave. While I was in school at 29 Palms, I didn't get paid at all for three months because of a payroll screw up. When I finally got paid, I owed for uniforms, haircuts, etc. When I was in school at MCLB Albany, GA, I ended up spending more than an entire month's take-home on a complete new issue of uniforms just so I could pass the Junk on Bunk inspections to get weekend liberty and not spend all weekend picking up trash on the CG's detail, or doing something equally banal on orders designed to give me something to do to keep young Marines out of trouble.
I'll end the rant this has become by simply saying this... no matter how much members of the military get paid, especially young enlisted men and women, they've made the choice to put their lives on the line, to shed their blood, just so other people back home can continue to make statements and assumptions about things they truly don't and will never understand.
It is by the blood of these men and women, my brothers and sisters in arms, that this country, as bad as it may be at the moment, is still the place people such as yourself gladly call home.
Don't forget that the support costs on a 5E dwarf even the cost of most, if not all, Smartnet contracts.
Simply said, because the equipment isn't/hasn't been able to support it, the only way to build 5 9's or better has been to add more equipment, which increases operations costs, capital costs, etc across the board in an almost linear fashion.
The market has for the most part established the level of service available by establishing the price point the customer is willing to pay for said service.
People love to point towards the big bad telcos and other companies as monopolies and only being concerned about profit margins. They forget that those same profit margins are what drive the company's stock price, in turn causing growth in people's portfolios. It's a vicious cycle and won't end until enough people decide they have enough.
The End to End Performance Initiative has a knoppix live CD image you can download that includes test tools that may help. I'm in the process of deploying these tools around my network now.
http://e2epi.internet2.edu/network-performance-toolkit.html is the URL.
I've not tried to push a full gig with them (yet), but they seem to work better than anything else I've found so far...
The existing Public Switched Telephone network.
I've not read the patent, but if the claim is really as broad as indicated, it would seem to include the PSTN currently used for 'analog' calls.
The PSTN, by definition a Public Network, is made up of analog access lines connecting analog 'terminals' - your phones - to what's known as a Class 5 switch. Class 5 switches are connected together at what's known as a Tandem, providing connectivity between all the users within an area. Access to the long distance network is via a connection to a Class 4 switch, usually at the tandem, but not always. Class 4 switches are interconnected (internetworked??) with other switches, and eventually a sufficient network is formed that allows you to call anyone with a phone.
The Switches (Class 5, Class 4, etc) used in this network are very much computers, and have been for quite some time http://en.wikipedia.org/wiki/5ESS_switch.
The analog to digital conversion used to be done in the CO itself, and sometimes still is, but usually it's done at the Digital Loop Carrier (DLC) closest to the customer http://en.wikipedia.org/wiki/Digital_loop_carrier
This network even has its own routing and control protocol, SS7 http://en.wikipedia.org/wiki/SS7.
Plainly, the only thing really new about VoIP is that it abstracts the physical transport and allows the control plane traffic to be transmitted on the same path as the bearer plane traffic.
I've done it with up to two sat hops without much problem. For a geo-synch bird, expect 620-630ms latency roundtrip from one end of the connection to the other for each earth-sat-earth hop in the path.
VoIP guidelines generally say 150ms is the latency limit, but in my experience, jitter is more important to overall call quality. A stable, low jitter connection with higher latency will have a higher MOS score (sound better) than a high jitter, low average latency connection.
For reference, my config was using a Cisco 7910G ip phone, 3524XL PoE switch, 2621 router, sat netmodem (iDirect), satellite (AMC-5, I think is the bird we used to test with), groundstation, 7206VXR, Cat6509, MCS7835 with Call Manager 3.3, and AS5350 with 1 PRI as a POTS gateway.
I conducted several multiparty conference calls using this setup as part of a dog and pony show and all the executives thought the quality was at least acceptable.
Codec selection is also important. G.711 will usually sound better, use less processor resources, and will have a lower inherent latency. However G.711 requires a minimum of 64K per call, just for the voice portion. Add IP overhead and you're looking around 70K per call.
G.729a is probably a better choice, but there will be a slight delay and quality penalty. Jitter may be higher as well depending what else the processor is handling at the same time. Bandwidth requirements will drop to around 14-16K per call, with overhead, however.
QoS is important if you're going to use the link for other traffic besides voice. You want to make sure that your voice packets, regardless of codec, are prioritized and handled before any other traffic crossing the link. Since you've already blown your delay budget (the 150ms I mentioned earlier), you need to try to make sure that the jitter buffers are buffering enough data to smooth out the voice traffic, also.
In conclusion, VoIPoSat isn't trivial, but it is doable. There will have to be significant performance tuning in the network to control jitter.
As always, YMMV.
Joe
Actually a real T1 uses 2 pair, one for transmit, and one for receive. A T1 delivered by HDSL uses a single pair up to the smart jack, but it's still two pair (1,2,4,5 on the RJ45/RJ48).
And if you're actually in a CO, trying to trace a circuit between DSX panels, there's a fifth wire, the locator wire, wired in as part of the cross connect. It provides a neat function - when you insert a looping plug in the dsx, lights on both DSX panels come on to tell you where the circuit is.
Don't confuse Hams and CB'ers. Hams are licensed to transmit up to a certain power on certain frequencies. In some bands, with some licenses, a ham can use 1500W, if needed. The general rule is to use only the power required to make the connection.
If you have a signal getting beat up by a ham's transmitter, the first question I'd have to ask is why are you transmitting in a ham band?
I don't mean to flame.. But you need to spend some time on CCO at least.
Meet me in New Orleans in a couple of weeks, and I can teach you all about Cisco's Modular QoS implementation.
I will say this, using MQoS, I can classify traffic based on just about anything, from layer 2 up. Once I classify it, I can priority or custom queue it, change next hop info, retag it, change IP Prec bits, add/change DiffServ bits, et al.
BTW.. to enable RSVP, try this on the INTERFACE you want RSVP enabled-
ip rsvp bandwidth [interface-kbps] [single-flow-kbps]
where interface-kbps is the bandwidth allowed to be reserved by rsvp (defaults to 75% of interface) and single-flow-kbps is the max bandwidth allowed to be reserved by a single flow. Both are optional. RSVP is disabled by default, as it is assumed that if you need RSVP, you know enough about it to turn it on.
If you actually work for a partner, you need to check out QoS on the Partner E-Learning Connection.
Simply put, don't be a target. Carry yourself with the attitude that you aren't anyone's target, you belong exactly where you are, and know exactly what's going down.
Know what's going on around you at all times. Walking around any kind of area where you could get mugged wearing any kind of earphones tells those watching that you have NO awareness of much of anything except what's right in front of you. Since you're a geek, maybe not even that.
Use the senses you were born with... if you hear something behind you, move first, ask questions later. See something that makes the hair on your neck bristle ahead? MOVE to the other side of the street. Don't take that shortcut down the isolated alley.
Vary your routes if you think you need to..
Above all, be aware of what's going on, and who's around you at all times.
Perhaps the folks at the Beauregard Parish Public Library could help out. Check out Whitebox Linux to see what they're doing.
Can anyone know enough about everything to have the ability to make an assessment on their own? I think not.
If you rely on a third party assessment, you're still trusting someone else's claim to knowledge and integrity. Either way, you either trust your vendors or you don't.
This is not the first backdoor in network gear. In fact, this isn't, from a risk perspective, that massive an issue in a well designed network.
The backdoor allows access to the WLSE or HSE itself, not nec. to the devices it manages. Proper security (ACLs - why would you allow anyone coming in wirelessly to connect to your wireless management device?- etc) limits this risk significantly.
I'm really tired of people getting part of the story, or not thinking things through before they go off the deep end.
The patch is already available to registered CCO users.
If you read the notification on CCO, you'd know that.
Managing and Leading are different things. You can do one without the other. The question is, what's expected in this position?
What's been described in the parent is a manager. A good leader is someone that will do whatever it takes to get the job done, will inspire his team members, will always be found in the thick of things leading and teaching his team members.
A good manager doesn't have to do any of those things, especially if he has a good leader on his team. A good manager (from the team's perspective) is someone that keeps management in general off their backs so they can concentrate on the job. A good manager is a good politician. A good manager listens to his team leaders and team members.
It's very very hard to be both a good leader and a good manager. There are people that can do it, but not many. Ask yourself, and ask your boss, management team, hr, anyone that can answer, what exactly they want you to do, and what their expectations are of you if you take the position.
There are several external antennas that you can buy that would work well, I'd look for a mag mount unless you really like to drill holes in your car.
As to which 802.11 nic you can use, it won't be a cheap one. I don't know if you're using a laptop, or a "customized" desktop installed in the car, but I'd look for cards like the Cisco AIR-PCI352 for the desktop, or the Cisco AIR-LMC352 PC Card.
The PCI card has a standard RP-TNC connector. The PC Card has a smaller MMCX connector, but both will allow you to use external antennae.
Use Ladder rack from the wall to the cabinet, then run power over the ladder.
The ladder should be 7' or higher from the floor.
Check out Port based security and User based VLAN's. With 802.1X, it's actually simple to change the VLAN a port is in based on AAA parameters returned from the Authentication server.
According to the white paper on CCO this relies more on port based authentication and policy settings than on stateful inspection of the traffic flows across the router.
This system uses a piece of code called the "Cisco Security Agent", in standalone, or as part of certain AV software, to check the configuration of the pc, prior to authenticating to the switch, for access to the network. Port authentication is already available today, so this is a natural extension of the 802.1X technology.
Once the 802.1X negotiation is started, credentials are exchanged (username/password, certificates, et al) and an AAA server is queried for authentication, and authorization as well as security policies to determine if the client machine has an organization approved config - i.e. proper patch levels, current AV software, etc.
Depending on the outcome of this negotiation, the port access can be denied, put into an unsecure vlan, put into a remediation vlan, or put into a 'secure' vlan.
This is more of a technology to allow enterprises to ensure security via better control of desktop system configs than anything else.
Most of the posts I've seen on here seem to take the angle that they're looking for individual credentials. That's not what I get from the question.
Credentialing a partner (a business) should have a broader scope than having so many of this certification or that on staff. In my mind, at least, a partner would be required to spend x dollars a year keeping their internal training facilities current.
They would also maintain legacy hardware for probably three to five years after production ends. This would allow them to maintain currency on not only current hardware, but legacy equipment that might still be in use, or that a client might demand be used.
All people associated with delivering service to the customer would not only be required to spend some amount of time in the partner's training facility (4 weeks annually? - internal training or external), but would be required to spend 2 or more weeks a year in training that relates to business. This business training would, preferably, be in the partner's vertical market space so that the person delivering the service can better understand the customer's business.
I would also expect any top level partners to regularly participate in the Linux community, preferably as sponsors or contributors. If the partner has more of a stake in the community, they'll work harder to make the community successful while making themselves successful.
I'd also require some method of polling the partner's customers to determine the quality of service delivered to the customers. Include some method of penalizing bad service and rewarding outstanding service.
I'd also randomly poll the employees of those partners about their impression of the quality of service delivered to the customer, and also about the environment they work in. People that aren't enjoying themselves tend to provide lower quality products.
At any rate, that's what immediately comes to mind. I'm sure I could come up with more given more time.
I've done several of these. For $185/hr, I'll help you do yours :)
That said, even on this small a scale, you should have an environmental and electrical engineer involved already. More than likely they're going to be pushing you towards a facility UPS, Dedicated AC, and diesel/natural gas generator.
My best advice, if you can't make these calculations yourself, is to LISTEN TO THEM! Let them worry about power factors, UPS load, powerline harmonics, Thermal outputs, etc. That's what they get paid to do.
Alternatively, contract someone like me in to do it for you. Of course, I'll do the same things you could do, and probably use the same engineers you should, but give you the privilege of paying me to do the job so you can concentrate on things you know how to do and are important to your business.
They are required to give things that 911 uptime by law, if memory serves.
Actually, this is a good thing. As long as cable, or the Internet in general has no such legal requirements, wireline voice will always have a place. In some places, wireline voice is already called lifeline voice.
A lot of people get upset when they see the charges for 911 service on their monthly bills. I doubt many realize the effort required to keep 911 working and current, both on the telcos' and local government's parts.
I wouldn't hold my breath for Nov 24th. There's a significant number of technical issues that have yet to be worked out, that the FCC has conveniently ignored.
Can the wireless carriers implement number portability? Yes... Will it break a bunch of stuff if they do? Yes again.
One of the most significant things that still has to be addressed is exactly how, who, and when the PSAP databases get updated. For those of you not up on telco terminology, the PSAP database is what 911 uses to locate you by your caller-id info.
Of course, the major issue with the carriers has to do with increased billing costs. Each carrier (wirelines and wireless) has their areas divided into rate centers. These are typically, but not always, associated with NPA-NXX numbers. Visit NANPA for more info on NPA-NXX.
Moving numbers between carriers will mess with the rate centers severely, for awhile anyway, and cause much confusion between carriers in relation to call termination charges, etc.
Sounds like you're using a soho router.
That said, if you were using a Cisco 2600 or 3700 series router, it would be a simple thing to slip in a WIC-1-AM, which is a one port analog modem. This modem can provide simple console access, handle PPP, dial-backup, callback, and probably several other neat things. You can implement authentication based on local accounts, or on authentication servers (tacacs/radius).
I've got about 200 of these deployed around the U.S. and they have been a major life saver many times when we've needed to trouble a circuit or router, or even to do bandwidth (port) upgrades. I no longer have to have my team travel around the country to install network modules or WIC cards. We can have an office technician on the phone and walk them through power down, removal, and re-insertion of most hardware, without having to give anyone else console access.
You have to consider each piece individually. Trusted users are one component, Untrusted users that still need access to internal resources are a component, Untrusted users that need access to public (Internet) resources, and third party connections (VPN or hardline).
In reality, you should have very few trusted users, mostly sysadmin types that need all access, and these folks should be authenticating to something every time they need to use an all access connection. Most users should be untrusted, and as such I would consider using something like an SSL VPN/Reverse Application proxy cluster.
The untrusted user's connection would terminate on the SSL device and the SSL device would initiate the internal connection. This would help remove the risk of infection, among other things. This SSL device would be located in a DMZ network (between two firewalls) so that only the SSL device had access to the internal network, and only on ports that you specify based on applications you publish. There are some devices on the market that will allow you to initiate a Windows Terminal Services session, or even an X session with an internal host, adding another layer of security (also complexity, latency, etc).
Third Party connections should have a DMZ of their own. VPN connections should be terminated on devices between two firewalls (consider it a b2b dmz) to allow access only to resources absolutely critical to that partner.
And of course, for "Public Resources", or those generally accepted to be accessible by anyone from the Internet, you need to construct a dmz arrangement. Allow from the Internet the ports required to provide the service being published (http/https only, for example), and only to hosts in the dmz. Generally, try to construct applications on a push/pull basis so that all connections between dmz hosts and internal hosts are initiated by the internal hosts.
If you do this, use a general attitude of deny any any unless there's a damn good business case, and pay attention to patches, updates, etc., you should be ok.
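An added example, not part of the original comment: a small audit that checks a firewall ruleset against the zoning rules laid out above (internet only into a DMZ, only the SSL device initiating into the internal network, a closing deny any any). The zone names, the Rule format and both sample rulesets are constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    port: str    # e.g. "tcp/443", or "any"
    action: str  # "permit" or "deny"

# Hypothetical zone names for the three DMZs the comment describes.
DMZ_ZONES = {"public_dmz", "ssl_dmz", "b2b_dmz"}
DEFAULT_DENY = Rule("any", "any", "any", "deny")

def audit(rules):
    """Return findings for permits that break the comment's design rules."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "permit":
            continue
        if "any" in (r.src, r.dst, r.port):
            findings.append(f"rule {n}: wildcard permit {r.src}->{r.dst} {r.port}")
        if r.src == "internet" and r.dst not in DMZ_ZONES:
            findings.append(f"rule {n}: internet reaches {r.dst} directly")
        # Only the SSL device may open connections into the internal network.
        if r.src in DMZ_ZONES - {"ssl_dmz"} and r.dst == "internal":
            findings.append(f"rule {n}: {r.src} initiates into internal")
    if not rules or rules[-1] != DEFAULT_DENY:
        findings.append("ruleset does not end in deny any any")
    return findings

# Constructed ruleset that follows the design.
GOOD = [
    Rule("internet", "public_dmz", "tcp/443", "permit"),
    Rule("internet", "ssl_dmz", "tcp/443", "permit"),
    Rule("ssl_dmz", "internal", "tcp/3389", "permit"),
    Rule("internal", "public_dmz", "tcp/22", "permit"),  # internal pushes/pulls
    DEFAULT_DENY,
]
# Constructed ruleset that breaks it in four ways.
BAD = [
    Rule("internet", "internal", "tcp/3389", "permit"),
    Rule("public_dmz", "internal", "tcp/1433", "permit"),
    Rule("internal", "any", "any", "permit"),
]

if __name__ == "__main__":
    for finding in audit(BAD):
        print(finding)
```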
I don't know how things work in your neck of the woods, but here all I had to do was threaten to take my business to another provider because the ISP in question had not bothered to even attempt to filter the 92 byte ICMP echo requests coming from the Internet into their own network.
Most pings are not 92 bytes exactly. The pings this virus sends out are 92 bytes with a payload of 'AA' repeated to pad it out to 92 bytes.
Your mileage may vary, though, as I have several thousands of dollars monthly worth of leverage.
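An added example, not part of the original comment: a classifier for raw IPv4 datagrams that separates the 92-byte echo requests described above from ordinary pings. It assumes 92 is the IP total length and that 'AA' means the byte value 0xAA; the sample packets are constructed and use documentation addresses.

```python
import struct

WORM_IP_LEN = 92   # IP total length quoted in the comment
PAD = 0xAA         # assumption: 'AA' in the comment means the byte value 0xAA

def classify_icmp_echo(packet: bytes) -> str:
    """Classify one raw IPv4 datagram: match, length-only, other-echo or skip."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "skip"                      # not IPv4 or too short for a header
    ihl = (packet[0] & 0x0F) * 4           # header length; options make it > 20
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or packet[9] != 1:         # malformed header or not ICMP
        return "skip"
    if total_len > len(packet) or total_len < ihl + 8:
        return "skip"                      # truncated capture or no ICMP header
    icmp = packet[ihl:total_len]
    if icmp[0] != 8 or icmp[1] != 0:       # only echo requests are of interest
        return "skip"
    payload = icmp[8:]
    if total_len != WORM_IP_LEN:
        return "other-echo"
    if payload and all(b == PAD for b in payload):
        return "match"
    return "length-only"                   # 92 bytes, but not the 0xAA padding

def build_echo(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed sample datagram (checksums left at zero, documentation IPs)."""
    ihl_words = 5 + len(options) // 4
    total = ihl_words * 4 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0,
                     64, 1, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    return ip + options + icmp + payload

SAMPLES = {
    "0xAA padding": build_echo(b"\xaa" * 64),
    "92 bytes, counting pattern": build_echo(bytes(range(64))),
    "32-byte alphabet payload": build_echo(b"abcdefghijklmnopqrstuvwabcdefghi"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:28} len={len(pkt):3} -> {classify_icmp_echo(pkt)}")
```

The "length-only" result marks legitimate traffic that a filter keyed on packet length alone would also drop.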